Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    unbound and localhost

    Scheduled Pinned Locked Moved DHCP and DNS
    14 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gonn
      last edited by

      >You would have to listen on the interface your query is coming in on.
      LAN interface is enabled, and all others are disabled.

      Based on your advice I checked “Disable Auto-added ACL”
      I created an allow ACL.
      And now it works. Great, thank you so much.

      But I would like to understand two things.

      Why did I have to create my own ACL ?
      Did I delete a default ACL by mistake?

      Why can’t “unbound” be associated with LAN interface but only with All and/or Localhost ?
      I only have a LAN interface so ALL means LAN ?

      GertjanG 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Is your network downstream. The automatic alcs only allow locally attached networks.

        Why can’t “unbound” be associated with LAN interface but only with All and/or Localhost ?

        Huh? It can be bound to any interfaces you want to listen on, as you saw in my screenshot, I have specific interfaces selected.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @gonn
          last edited by

          @gonn said in unbound and localhost:

          I only have a LAN interface so ALL means LAN ?

          ??
          All means all interfaces.

          This is the perfect, secure and default siltation that works out of the box :

          72f1b7fd-8362-4a05-bfdb-8a3359bfe850-image.png

          Btw : with the Ctrl key you can select several interfaces if you do not want All for some reason.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Not sure I would call it "perfect" listening on interfaces that have no reason to listen. But it is the best solution to make sure it works out of the box ;) And it will work just fine for most users.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan
              last edited by

              Exact, "Perfect" in a sense that it will make things work.
              From this point, one can start breaking things down ^^

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              G 1 Reply Last reply Reply Quote 0
              • G
                gonn @Gertjan
                last edited by

                When I only select LAN interface I have this message :

                81b56c93-9339-4498-91fe-bb47b1ae0b54-image.png

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  If pfsense is going to use localhost, then yes you have to listen on it.. Or pfsense would have no dns.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • G
                    gonn
                    last edited by

                    I must selected Localhost + whatever interfaces I want.
                    But I can't select only LAN interface.

                    It musty be a requirement of unbound.

                    Why I was obliged to create my own ACL ?

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      @gonn said in unbound and localhost:

                      Why I was obliged to create my own ACL ?

                      No idea - I do it on purpose for my needs.

                      You haven't stated what was the source IP trying to query, if downstream and not a locally attached network, then the automatic ACLs would not work..

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      G 1 Reply Last reply Reply Quote 0
                      • G
                        gonn @johnpoz
                        last edited by

                        Anyway... a great Merci :-)

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.